21#ifndef G_SSL_MBEDTLS_H
22#define G_SSL_MBEDTLS_H
/// Loads the certificate from 'file'.
/// NOTE(review): whether a parse failure throws Error or only leaves m_loaded
/// false is not visible on this page — confirm against the .cpp.
60 void load(
const std::string & file ) ;
/// Access to the underlying mbedtls_x509_crt.
/// Note that the const overload still returns a non-const pointer, so a const
/// Certificate exposes a mutable structure to its callers.
62 mbedtls_x509_crt * ptr() ;
63 mbedtls_x509_crt * ptr()
const ;
/// Starts false; presumably set once load() has succeeded — confirm in the .cpp.
72 bool m_loaded{
false} ;
/// Access to the underlying CTR-DRBG context.
/// The const overload returns a non-const pointer, so a const Rng can still be
/// reseeded or otherwise mutated through it.
84 mbedtls_ctr_drbg_context * ptr() ;
85 mbedtls_ctr_drbg_context * ptr()
const ;
/// Copying and assignment are disabled: the DRBG and entropy contexts are held
/// by value and duplicating them would alias the generator state.
/// (The move constructor is not shown on this page — presumably deleted too.)
88 Rng(
const Rng & ) = delete ;
90 Rng & operator=(
const Rng & ) = delete ;
91 Rng & operator=(
Rng && ) = delete ;
/// CTR-DRBG state, and the entropy source that (presumably) seeds it.
94 mbedtls_ctr_drbg_context x ;
95 mbedtls_entropy_context entropy ;
/// Loads a private key from 'file'. The Rng is passed through, presumably for
/// the mbedtls key-parsing routine — confirm in the .cpp. Whether an
/// encrypted key file is supported is not visible here.
106 void load(
const std::string & file ,
const Rng & ) ;
/// Access to the underlying mbedtls_pk_context (non-const even from the const overload).
107 mbedtls_pk_context * ptr() ;
108 mbedtls_pk_context * ptr()
const ;
/// Non-copyable and non-assignable: the key context is held by value.
/// (The move constructor is not shown on this page.)
111 Key(
const Key & ) = delete ;
113 Key & operator=(
const Key & ) = delete ;
114 Key & operator=(
Key && ) = delete ;
/// The parsed private key.
117 mbedtls_pk_context x ;
/// Sets up an SSL context from the given configuration.
/// NOTE(review): mbedtls normally keeps a pointer to the config inside the
/// context, so the config would have to outlive this object — confirm.
126 explicit Context(
const mbedtls_ssl_config * ) ;
/// Access to the underlying mbedtls_ssl_context (non-const even from the const overload).
128 mbedtls_ssl_context * ptr() ;
129 mbedtls_ssl_context * ptr()
const ;
/// The per-connection SSL state.
138 mbedtls_ssl_context x ;
/// Constructor for an error with a plain message.
147 explicit Error(
const std::string & ) ;
/// Constructor for an error carrying a library return code 'rc' and optional
/// extra text; presumably the message is built by format() below — confirm.
148 Error(
const std::string & ,
int rc ,
const std::string & more = {} ) ;
/// Builds the error string from a message, a return code and extra text.
151 static std::string format(
const std::string & ,
int ,
const std::string & ) ;
/// Views of the buffered file contents and their size. The non-const pu()
/// hands out a writable pointer into the buffer.
163 const char * p()
const ;
164 const unsigned char * pu()
const ;
165 unsigned char * pu() ;
166 std::size_t size()
const ;
/// File helpers. scrub() overwrites a region in place and clear() presumably
/// scrubs and then releases the vector — confirm in the .cpp.
/// NOTE(review): the overwrite in scrub() must be one the optimiser cannot
/// elide (a plain memset just before the storage dies is routinely removed);
/// a volatile write loop or the platform's secure-zero routine is the usual
/// choice. Also, any growth of a std::vector leaves the old, unscrubbed
/// allocation behind, so the buffer should be sized once from fileSize().
176 static std::size_t fileSize( std::filebuf & ) ;
177 static bool fileRead( std::filebuf & ,
char * , std::size_t ) ;
178 static void scrub(
char * , std::size_t ) noexcept ;
179 static void clear( std::vector<char> & ) noexcept ;
/// The file contents; holds sensitive material until scrubbed.
182 std::vector<char> m_buffer ;
/// Configuration accessors: minimum and maximum protocol version, whether
/// peer verification is switched off, whether debug output is wanted, and
/// whether PSA crypto is selected (all presumably parsed from the profile
/// config string — confirm).
/// NOTE(review): noverify() disabling certificate verification should be
/// treated as a test/debug option and made visible in the log when active.
192 int min_()
const noexcept ;
193 int max_()
const noexcept ;
194 bool noverify()
const noexcept ;
195 bool noisy()
const noexcept ;
196 bool psa()
const noexcept ;
/// Destructor, plus access to the library-wide random number generator and
/// the logging callback.
218 ~LibraryImp()
override ;
219 const Rng & rng()
const ;
220 Library::LogFn log()
const ;
/// Static helpers for the library identification strings: a credit line built
/// from three parts, a short id, and a feature list.
222 static std::string credit(
const std::string & ,
const std::string & ,
const std::string & ) ;
223 static std::string sid() ;
224 static std::string features() ;
/// Implements Library::addProfile(): creates a named client or server profile
/// from a key file, a certificate file, a CA file, default peer
/// certificate/host names used for verification, and a configuration string.
/// NOTE(review): behaviour when 'profile_name' already exists is not visible
/// here — confirm whether it replaces, ignores or throws.
227 void addProfile(
const std::string & profile_name ,
bool is_server_profile ,
228 const std::string & key_file ,
const std::string & cert_file ,
const std::string & ca_file ,
229 const std::string & default_peer_certificate_name ,
const std::string & default_peer_host_name ,
230 const std::string & profile_config )
override ;
/// Implements Library::hasProfile(): true if a profile of that name was added.
231 bool hasProfile(
const std::string & profile_name )
const override ;
/// Implements Library::profile(): returns a reference to a named profile.
/// NOTE(review): the reference presumably points into the profile map held
/// by this object, so it is only valid while the profile stays registered.
232 const Profile &
profile(
const std::string & profile_name )
const override ;
/// Implements Library::id().
233 std::string
id()
const override ;
/// Implements Library::digester(): factory for a Digester (algorithm name,
/// initial state, and a flag whose meaning is not visible here — see DigesterImp).
235 Digester digester(
const std::string & ,
const std::string & ,
bool )
const override ;
/// Non-copyable and non-movable.
238 LibraryImp(
const LibraryImp & ) = delete ;
239 LibraryImp( LibraryImp && ) = delete ;
240 LibraryImp & operator=(
const LibraryImp & ) = delete ;
241 LibraryImp & operator=( LibraryImp && ) = delete ;
/// Profiles keyed by name, and the logging callback handed out by log().
248 using Map = std::map<std::string,std::shared_ptr<ProfileImp>> ;
249 Library::LogFn m_log_fn ;
/// The mbedTLS implementation of the Profile interface: owns an
/// mbedtls_ssl_config together with the certificate and CA list it refers to.
258class GSsl::MbedTls::ProfileImp :
public Profile
/// Constructor. Loads the key, certificate and CA files and builds the
/// mbedtls configuration; 'default_peer_certificate_name' and
/// 'default_peer_host_name' are the fallbacks for peer verification when the
/// caller of newProtocol() supplies none (presumably — confirm in the .cpp).
265 ProfileImp(
const LibraryImp & library_imp ,
bool is_server ,
const std::string & key_file ,
266 const std::string & cert_file ,
const std::string & ca_file ,
267 const std::string & default_peer_certificate_name ,
const std::string & default_peer_host_name ,
268 const std::string & profile_config ) ;
/// Destructor; presumably frees m_config — confirm.
269 ~ProfileImp()
override ;
/// Accessors used by ProtocolImp: the shared SSL configuration, the CRL (a
/// non-const pointer even though the method is const), a logging hook, the
/// default peer names, and the verification mode. authmode() is presumably
/// one of the mbedtls MBEDTLS_SSL_VERIFY_* values — confirm in the .cpp.
270 const mbedtls_ssl_config * config()
const ;
271 mbedtls_x509_crl * crl()
const ;
272 void logAt(
int level_out , std::string )
const ;
273 const std::string & defaultPeerCertificateName()
const ;
274 const std::string & defaultPeerHostName()
const ;
275 int authmode()
const ;
/// Factory for a new protocol object bound to this profile; the two strings
/// are presumably the per-connection peer certificate name and host name
/// overriding the profile defaults — confirm.
278 std::unique_ptr<ProtocolImpBase>
newProtocol(
const std::string & ,
const std::string & )
const override ;
/// Non-copyable and non-movable: protocol objects keep references to the profile.
281 ProfileImp(
const ProfileImp & ) = delete ;
282 ProfileImp( ProfileImp && ) = delete ;
283 ProfileImp & operator=(
const ProfileImp & ) = delete ;
284 ProfileImp & operator=( ProfileImp && ) = delete ;
/// Debug callback: the signature of onDebug() matches the callback type taken
/// by mbedtls_ssl_conf_dbg(), and the void* presumably carries 'this' and is
/// forwarded to doDebug() — confirm. The int is the mbedtls debug level and
/// the strings are source file and message.
/// NOTE(review): at the more verbose mbedtls debug levels the library dumps
/// handshake and record contents, so this output should not reach production logs.
287 static void onDebug(
void * ,
int ,
const char * ,
int ,
const char * ) ;
288 void doDebug(
int ,
const char * ,
int ,
const char * ) ;
/// Owning library, default peer names, the SSL configuration, the
/// certificate and CA list it refers to, and the debug-output flag.
/// The references held here mean the LibraryImp must outlive every profile.
291 const LibraryImp & m_library_imp ;
292 const std::string m_default_peer_certificate_name ;
293 const std::string m_default_peer_host_name ;
294 mbedtls_ssl_config m_config ;
296 Certificate m_certificate ;
297 Certificate m_ca_list ;
299 bool m_noisy {
false} ;
/// The mbedTLS implementation of a single TLS connection.
305class GSsl::MbedTls::ProtocolImp :
public ProtocolImpBase
/// Local aliases for the result enum and the mbedTLS context/error wrappers.
308 using Result = Protocol::Result ;
309 using Context = MbedTls::Context ;
310 using Error = MbedTls::Error ;
/// Constructor taking the profile and (presumably) the expected peer
/// certificate name and host name for this connection — confirm.
312 ProtocolImp(
const ProfileImp & ,
const std::string & ,
const std::string & ) ;
313 ~ProtocolImp()
override ;
/// I/O callbacks whose signatures match the send/recv/recv-with-timeout
/// function types registered with mbedtls_ssl_set_bio(). Each must return the
/// byte count or the mbedtls want-read/want-write codes for a non-blocking
/// channel; the implementation is not visible here.
315 static int doSend(
void * ,
const unsigned char * , std::size_t ) ;
316 static int doRecv(
void * ,
unsigned char * , std::size_t ) ;
317 static int doRecvTimeout(
void * ,
unsigned char * , std::size_t , uint32_t ) ;
/// The profile this connection was created from.
318 const Profile & profile()
const ;
/// Implements Protocol::read()/write(). Sizes in are unsigned while
/// 'data_size_out' is signed; the implementation needs to keep the two
/// consistent (no size above the signed range, no negative count left in
/// the out-parameter on the non-error paths).
323 Result
read(
char * buffer , std::size_t buffer_size_in , ssize_t & data_size_out )
override ;
324 Result
write(
const char * buffer , std::size_t data_size_in , ssize_t & data_size_out )
override ;
/// Implements Protocol::protocol() and Protocol::cipher(): the negotiated
/// protocol version and cipher suite names.
328 std::string
protocol()
const override ;
329 std::string
cipher()
const override ;
/// Non-copyable and non-movable: the SSL context is tied to this object.
333 ProtocolImp(
const ProtocolImp & ) = delete ;
334 ProtocolImp( ProtocolImp && ) = delete ;
335 ProtocolImp & operator=(
const ProtocolImp & ) = delete ;
336 ProtocolImp & operator=( ProtocolImp && ) = delete ;
/// Private helpers: convert() maps an mbedtls return code (with the name of
/// the operation and an optional "more" flag) onto a Result; the other two
/// presumably fetch the peer certificate as text and describe a verification
/// result code — confirm in the .cpp.
339 Result convert(
const char * ,
int ,
bool more =
false ) ;
341 std::string getPeerCertificate() ;
342 std::string verifyResultString(
int ) ;
/// The profile (must outlive this object), the peer certificate and chain
/// captured after the handshake, and the verification flag. m_verified
/// starts false, so a connection reports itself unverified until the
/// handshake result is recorded.
345 const ProfileImp & m_profile ;
348 std::string m_peer_certificate ;
349 std::string m_peer_certificate_chain ;
350 bool m_verified {
false} ;
/// Local alias for the mbedTLS error wrapper.
359 using Error = MbedTls::Error ;
/// Constructor: algorithm name, an initial state string, and a flag whose
/// meaning is not visible here (presumably whether the state string is
/// present/used — confirm).
360 DigesterImp(
const std::string & ,
const std::string & ,
bool ) ;
361 ~DigesterImp()
override ;
/// Implements the DigesterImpBase interface: feed data, finalise to the
/// digest value, export the intermediate state, and report the block,
/// digest and state sizes of the selected algorithm.
364 void add( std::string_view )
override ;
365 std::string
value()
override ;
366 std::string
state()
override ;
367 std::size_t
blocksize() const noexcept override ;
368 std::
size_t valuesize() const noexcept override ;
369 std::
size_t statesize() const noexcept override ;
/// Non-copyable and non-movable: the hash contexts are held by value.
372 DigesterImp( const DigesterImp & ) = delete ;
373 DigesterImp( DigesterImp && ) = delete ;
374 DigesterImp & operator=( const DigesterImp & ) = delete ;
375 DigesterImp & operator=( DigesterImp && ) = delete ;
/// Checks an mbedtls return code, presumably throwing Error with the given
/// operation name on failure — confirm.
378 static
void check_ret(
int , const
char * ) ;
/// Selected algorithm, one context per supported algorithm, and the size
/// parameters reported by blocksize()/valuesize()/statesize().
/// NOTE(review): the in-class defaults are presumably overwritten by the
/// constructor for the chosen algorithm (a 16-byte value with a 20-byte state
/// does not describe MD5 on its own) — confirm in the .cpp.
/// Md5 and Sha1 are not collision-resistant; they suit legacy protocol
/// fields but should not be used where integrity or signatures depend on them.
381 enum class Type { Md5 , Sha1 , Sha256 } ;
382 Type m_hash_type{Type::Md5} ;
383 mbedtls_md5_context m_md5{} ;
384 mbedtls_sha1_context m_sha1{} ;
385 mbedtls_sha256_context m_sha256{} ;
386 std::size_t m_block_size{64U} ;
387 std::size_t m_value_size{16U} ;
388 std::size_t m_state_size{20U} ;
A base interface for GSsl::Digester pimple classes.
virtual std::string state()=0
Implements Digester::state().
virtual std::size_t blocksize() const noexcept=0
Implements Digester::blocksize().
virtual std::string value()=0
Implements Digester::value().
virtual void add(std::string_view)=0
Implements Digester::add().
A class for objects that can perform a cryptographic hash.
A base interface for GSsl::Library pimple classes.
virtual bool hasProfile(const std::string &profile_name) const =0
Implements Library::hasProfile().
virtual const Profile & profile(const std::string &profile_name) const =0
Implements Library::profile().
virtual Digester digester(const std::string &, const std::string &, bool) const =0
Implements Library::digester().
virtual std::string id() const =0
Implements Library::id().
virtual G::StringArray digesters(bool) const =0
Implements Library::digesters().
virtual void addProfile(const std::string &, bool, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &, const std::string &)=0
Implements Library::addProfile().
Holds a mbedtls_x509_crt structure.
Holds protocol version information, etc.
Holds a mbedtls_ssl_context structure.
An exception class for GSsl::MbedTls classes.
Holds a mbedtls_pk_context structure.
Holds a mbedtls_ctr_drbg_context structure.
An interface for reading a sensitive file and then overwriting its contents in memory.
A base interface for profile classes that work with concrete classes derived from GSsl::LibraryImpBas...
virtual std::unique_ptr< ProtocolImpBase > newProtocol(const std::string &, const std::string &) const =0
Factory method for a new Protocol object.
virtual bool verified() const =0
Implements Protocol::verified().
virtual std::string peerCertificate() const =0
Implements Protocol::peerCertificate().
virtual Protocol::Result connect(G::ReadWrite &)=0
Implements Protocol::connect().
virtual std::string cipher() const =0
Implements Protocol::cipher().
virtual Protocol::Result write(const char *, std::size_t, ssize_t &)=0
Implements Protocol::write().
virtual std::string protocol() const =0
Implements Protocol::protocol().
virtual Protocol::Result read(char *, std::size_t, ssize_t &)=0
Implements Protocol::read().
virtual std::string peerCertificateChain() const =0
Implements Protocol::peerCertificateChain().
virtual Protocol::Result accept(G::ReadWrite &)=0
Implements Protocol::accept().
virtual Protocol::Result shutdown()=0
Implements Protocol::shutdown().
A Path object represents a file system path.
An abstract interface for reading from and writing to a non-blocking i/o channel.
An interface to an underlying TLS library.
TLS/SSL transport layer security classes.
std::vector< std::string > StringArray
A std::vector of std::strings.